Lucene search

[email protected]CVE-2006-0424

HistoryJan 25, 2006 - 11:07 p.m.

CVE-2006-0424

2006-01-2523:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-0424

bea weblogic server

weblogic express

remote authentication

server log

configuration information

security vulnerability

6.8 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.7%

JSON

BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allows remote authenticated guest users to read the server log and obtain sensitive configuration information.

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq7.0
bea:weblogic_serverbea weblogic servereq6.1
bea:weblogic_serverbea weblogic servereq8.1

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	7.0
bea:weblogic_server	bea weblogic server	eq	6.1
bea:weblogic_server	bea weblogic server	eq	8.1

References

dev2dev.bea.com/pub/advisory/168

secunia.com/advisories/18592

securitytracker.com/id?1015528

www.osvdb.org/22776

www.securityfocus.com/bid/16358

www.vupen.com/english/advisories/2006/0313

exchange.xforce.ibmcloud.com/vulnerabilities/24295

6.8 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.7%

JSON

Related for CVE-2006-0424

prion1 cvelist1